I have seen this many times, you are doing a Microsoft Windows Update and something goes terribly wrong. After reboot you get the dreaded Blue Screen of Death known best by BSOD. One of the only error indications is “Critical Service Failed” in the Blue Screen. This could be caused by an unsigned driver, or at least Windows believes it is unsigned.

After about three reboots you should be able to get into the troubleshooting menus, advanced options:

Choose Startup Settings:

This will send you into safe mode at reboot, in here you need to select “Disable driver signature enforcement”.

You should now be able to boot up and login. There is a built in tool in Windows, File Signature Verification, you can get to it by running “SigVerif”, this will scan and list any drivers that are found unsigned.

You can see in the example above that it identified several drivers as unsigned even though these are standard windows drivers that should be signed by default.

At this point must administrators will be thinking it is a driver issue, however that is not always the case. For every driver Microsoft has a counter-signature in addition to the vendor-signatures, these counter-signatures are kept in catalogs in the c:\windows\system32\catroot location. If these become corrupt you will get the indications as above. There are 11 catalogs.

The fix: using a known good system copy the folder c:\windows\system32\catroot overwriting the folder on the affected system.

I am the original "CodeMonkey", founder, CISSP and a Sr. System Administrator with over 31 years experience. I specialize in PowerShell Scripting and Virtualization. I hope that everyone will enjoy the site and contribute to make this a great resource for everyone!
Author of "PowerShell Studio - A Comprehensive Guide"